DEPENDENCY CONFUSION POC v0.0.3 — PoC with Burp Collaborator callback. Claimed by L0bo to demonstrate attack surface in Apple's ml-health-query-profiles.
This project has been quarantined.
PyPI Admins need to review this project before it can be restored. While in quarantine, the project is not installable by clients, and cannot be being modified by its maintainers.
Read more in the project in quarantine help article.
Project description
query-profile
⚠️ DEPENDENCY CONFUSION PROOF OF CONCEPT ⚠️
This package name (query-profile) was identified as unclaimed on PyPI while being directly referenced in Apple's official open-source repository:
- Repository: apple/ml-health-query-profiles
- Affected file: docs/TUTORIAL.md
- Issue: The tutorial instructs users to run
pip install query-profile, but Apple never published this package to PyPI.
This package is a harmless proof of concept — it does nothing except demonstrate that the package name was unclaimed and could be registered by an attacker. In a real attack, a malicious package under this name could:
- Steal OpenAI/Anthropic/Azure API keys
- Exfiltrate sensitive health query data
- Install backdoors or persistence mechanisms
This package was published for responsible disclosure purposes only. No malicious code is included.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file query_profile-0.0.3.tar.gz.
File metadata
- Download URL: query_profile-0.0.3.tar.gz
- Upload date:
- Size: 3.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b22b20c73d528987218d0c3140f3ad84f1ad6bf375f1fd386dadfa169f3b8dc2
|
|
| MD5 |
c62f542045b2a9d09d548cd39461b06a
|
|
| BLAKE2b-256 |
3cc69a695596af87571bc1dd60549d69ecce529e9894665420d415e52e428cf3
|
File details
Details for the file query_profile-0.0.3-py3-none-any.whl.
File metadata
- Download URL: query_profile-0.0.3-py3-none-any.whl
- Upload date:
- Size: 3.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8d652477cb7767fa8374779b2bd08b9c0e112cb048a79a03c2e0a37384c243fd
|
|
| MD5 |
84c5d36ef68c0445a2d9209d3e8e6466
|
|
| BLAKE2b-256 |
0dc9521dd6a4161d922764787a6873893cb5b1fbb409a650ceafff1dfcc18c07
|
